CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
77.1%
According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.45 / 7.0.68 / 8.0.30. It is, therefore, affected by an information disclosure vulnerability:
Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application’s self-reported version number.
Binary data 9316.pasl
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
svn.apache.org/viewvc?view=rev&rev=1715216,http://svn.apache.org/viewvc?view=rev&rev=1717216,http://svn.apache.org/viewvc?view=rev&rev=1715213,http://svn.apache.org/viewvc?view=rev&rev=1717212,http://svn.apache.org/viewvc?view=rev&rev=1715207,http://svn.apache.org/viewvc?view=rev&rev=1717209,http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.45,http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.68,http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.30
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
77.1%